As the web becomes increasingly popular and used for day-to-day operations, attackers have shifted from techniques such as spam to the web to lure victims and exploit vulnerabilities. Organizations implement security strategies to protect their information technology (IT) infrastructures against such attacks and secure the browsing activities of their employees. It is beneficial to assess the security risk of such security strategies because the assessment can be used to evaluate and improve the security strategies.